Network->General

August 16, 2012

Anyone can go research IT companies and make decisions based solely on what they read, but this is not how people make decisions. People interested in buying a product or service want to know if it will work, how well it has worked in the past, and if current customers are happy with the product or service...

August 15, 2012

To provide more effective data protection that combines preventive and detective controls, a security admin can obtain the necessary technical information to create reports and dashboards that translate data into terms the business understands to make information security visible, measurable and accountable...

August 13, 2012

Melancon notes a key finding that “Hackers are always looking for outliers…and the key is to have a way to evaluate your systems and security posture continuously and be able to react pretty quickly.” What else can businesses learn from hackers? Check out this video to find out...

August 10, 2012

Our information and cyber security perimeters and infrastructures are battered daily by scores of probes, scans, and attacks. We stand in defensive posture ducking, bobbing and weaving as we try to avoid the offensive onslaught. It is a losing proposition. Isn't it time we started striking back?

August 01, 2012

Alexander Polyakov describes a recently discovered and widespread architectural vulnerability which especially targets SAP applications and allows for the bypassing of SAP security restrictions, such as firewalls, even in secure landscapes...

August 01, 2012

Josh Corman and Attrition.org's Jericho took some time out at BSidesLV to discuss their article series titled "Building a Better Anonymous" which examined the rogue movement's pros and cons, successes and failures, the group's caricature in the media, and the movement's future...

July 31, 2012

Former White House Cybersecurity Coordinator Howard Schmidt offers his opinions on the issues surrounding the strengthening of the relationship between government and the private sector, as well as the urgent need for the passage of effective cybersecurity legislation...

July 30, 2012

Dave Porcello, Founder and CEO of Pwnie Express, discusses the recently released Power Pwn, a fully-integrated enterprise-class penetration testing platform, covering the entire spectrum of a full-scale pentesting engagement, from the physical layer to the application layer...

July 24, 2012

I read this blog post on Slide Rules by Wendy Nather and immediately dropped her a note asking for permission to convert it into a video. After a huge battle with 20th Century Fox over rights to film I won... well at least that’s how I imagine it to have happened...

May 16, 2012

When a system or device has been properly hardened, all unnecessary bells and whistles are turned off, disabled, or simply ripped out, leaving only the bare minimum needed to run the service. This creates a much smaller surface area to attack...

May 07, 2012

Private sector advocates such as Clinton believe some of the current legislation under consideration is far too punitive in nature, and would disincentivize companies from both investing in better security measures and from disclosing data loss events...

April 26, 2012

Javvad Malik caught up with Nikhil Mittal at Black Hat Europe 2012 to talk about some human interface technology and its use in network penetration testing. Javvad's coverage of Black Hat Europe courtesy of Infosec Island and NETpeas...

April 24, 2012

Javvad Malik caught up with Don Bailey at Black Hat Europe 2012 to hear about machine to machine technology and the security challenges it brings. Javvad's coverage of Black Hat Europe courtesy of Infosec Island and NETpeas...

April 20, 2012

Joshua Corman wrote a post in which he raises some valid points about tools like Metasploit. Naturally, the purpose of such tools is to aid a security tester in finding vulnerabilities. However, you cannot dictate whether someone will use this for attack or defensive purposes...